6 Jan 20:46
Fwd: Using xdg-open in /etc/mailcap causes hole in Firefox (Demonstration/Exploit included)
Here's a heads up for everyone (I've CCd the discoverer) Steve, can you assign a CVE id. Thanks. ----- Forwarded Message ----- Hello, as I've seen, you also seem to use xdg-open in /etc/mailcap. The problem is, that xdg-open, itself, detects the right mime-type. This allowes an attacker to deliver a dangerous file with a trustworthy mime-type to get it executed by xdg-open. I've created an example page: https://prefbar.mozdev.org/testxdgopen.html (With SSL) http://prefbar.mozdev.org/testxdgopen.html (Without SSL) This page delivers a .desktop file with the mime-type "application/pdf". In default configuration, Firefox offers to open this file with the default application, which is xdg-open. Just one click on "OK" (and most users won't have a closer look at the dialog!) and the content in the .desktop file is immediately executed! Other combinations are possible, I just got the first result with .desktop files. There may be other dangerous types, Firefox may be tricked to open with xdg-open. It's even possible to hide the real file type. See also: https://bugs.freedesktop.org/show_bug.cgi?id=19377 Problem: Their security bugs are open to the publicFast reaction would be required
RSS Feed